[cryptography] DKIM: Who cares?

Thierry Moreau thierry.moreau at connotech.com
Fri Oct 26 08:02:10 EDT 2012

Peter Gutmann wrote:
> John Levine <johnl at iecc.com> writes:
>> Is there some point to speculating ...?
> Absolutely. ...

> ... so I'm
> assuming there was some business-case issue ...
> ... a security mechanism was deployed on a large scale ...

Let me speculate a moment.

The 384 bits keys are much more efficient than 768+ keys (see HIP 
specifications first version which had a 384 bits DH prime for low-end 

The business case is to avoid upgrading the e-mail servers merely 
because you turn on DKIM (hitting a CPU horsepower limit).

Keep in mind that the RSA vs DSA spreads of CPU load between signer and 
verifier are reversed (RSA signature is more CPU-intensive, DSA 
verification is more CPU-intensive).


- Thierry Moreau

More information about the cryptography mailing list